* [PATCH 0/2] virtiofsd: fix some accessing NULL pointer problem
From: Haotian Li @ 2020-11-10 1:09 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: linfeilong, liuzhiqiang26
Hi,
We find some potential NULL pointer bugs on tools/virtiofsd.
Two patches are made to fix them.
Haotian Li (2):
  tools/virtiofsd/buffer.c: check whether buf is NULL in
    fuse_bufvec_advance func
  virtiofsd/passthrough_ll.c: check whether lo_map_reserve returns NULL
    in main func

 tools/virtiofsd/buffer.c         | 3 +++
 tools/virtiofsd/passthrough_ll.c | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
* [PATCH 1/2] tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func
From: Haotian Li @ 2020-11-10 1:10 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: linfeilong, liuzhiqiang26
In fuse_bufvec_advance func, calling fuse_bufvec_current func
may return NULL, so we should check whether buf is NULL before
using it.
Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
tools/virtiofsd/buffer.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/virtiofsd/buffer.c b/tools/virtiofsd/buffer.c
index 27c1377f22..c94993b936 100644
--- a/tools/virtiofsd/buffer.c
+++ b/tools/virtiofsd/buffer.c
@@ -246,6 +246,9 @@ static int fuse_bufvec_advance(struct fuse_bufvec *bufv, size_t len)
{
const struct fuse_buf *buf = fuse_bufvec_current(bufv);
+ if (!buf)
+ return 0;
+
bufv->off += len;
assert(bufv->off <= buf->size);
if (bufv->off == buf->size) {
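Review bot: The new `if (!buf)` arm at the top of fuse_bufvec_advance has no braces, which QEMU's checkpatch rejects ("braces {} are necessary for all arms of this statement"); wrap the `return 0;` in `{ }`. Separately, the early return leaves bufv->off untouched and hands back 0 without saying what 0 means to the caller, so a short comment on the return value would help the next reader judge whether callers stop or keep looping when they see it.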
--
* [PATCH 2/2] virtiofsd: check whether lo_map_reserve returns NULL in main func
From: Haotian Li @ 2020-11-10 1:11 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: linfeilong, liuzhiqiang26
In main func, func lo_map_reserve is called without NULL check.
If reallocing new_elems fails in func lo_map_grow, the func
lo_map_reserve may return NULL. We should check whether
lo_map_reserve returns NULL before using it.
Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
tools/virtiofsd/passthrough_ll.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index ec1008bceb..147c5381e9 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -3433,6 +3433,7 @@ int main(int argc, char *argv[])
.proc_self_fd = -1,
};
struct lo_map_elem *root_elem;
+ struct lo_map_elem *reserve_elem;
int ret = -1;
/* Don't mask creation mode, kernel already did that */
@@ -3452,8 +3453,13 @@ int main(int argc, char *argv[])
* [1] Root inode
*/
lo_map_init(&lo.ino_map);
- lo_map_reserve(&lo.ino_map, 0)->in_use = false;
+ reserve_elem = lo_map_reserve(&lo.ino_map, 0);
+ if (!reserve_elem)
+ goto err_out1;
+ reserve_elem->in_use = false;
root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino);
+ if (!root_elem)
+ goto err_out1;
root_elem->inode = &lo.root;
lo_map_init(&lo.dirp_map);
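Review bot: Both new failure paths (`if (!reserve_elem)` and `if (!root_elem)`) jump to err_out1 without logging anything, so with `ret` still at its initial -1 an allocation failure during startup leaves the operator with no diagnostic; add an error message before each goto. Both arms also need braces to pass checkpatch, and because the jump is taken before `lo_map_init(&lo.dirp_map)` runs, please confirm that the cleanup under err_out1 is safe on maps that were never initialised.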
--
* Re: [PATCH 0/2] virtiofsd: fix some accessing NULL pointer problem
From: no-reply @ 2020-11-10 1:18 UTC (permalink / raw)
To: lihaotian9; +Cc: virtio-fs, linfeilong, qemu-devel, liuzhiqiang26
Patchew URL: https://patchew.org/QEMU/eeb2fd1d-a53d-eae6-4727-7f1a6b20ac9e@huawei.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Message-id: eeb2fd1d-a53d-eae6-4727-7f1a6b20ac9e@huawei.com
Subject: [PATCH 0/2] virtiofsd: fix some accessing NULL pointer problem
Type: series
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
- [tag update] patchew/20201028185722.2783532-1-keithp@keithp.com -> patchew/20201028185722.2783532-1-keithp@keithp.com
* [new tag] patchew/eeb2fd1d-a53d-eae6-4727-7f1a6b20ac9e@huawei.com -> patchew/eeb2fd1d-a53d-eae6-4727-7f1a6b20ac9e@huawei.com
Switched to a new branch 'test'
c91e972 virtiofsd: check whether lo_map_reserve returns NULL in main func
387bda7 tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func
=== OUTPUT BEGIN ===
1/2 Checking commit 387bda78be64 (tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func)
ERROR: braces {} are necessary for all arms of this statement
#23: FILE: tools/virtiofsd/buffer.c:249:
+ if (!buf)
[...]
total: 1 errors, 0 warnings, 9 lines checked
Patch 1/2 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/2 Checking commit c91e9722f323 (virtiofsd: check whether lo_map_reserve returns NULL in main func)
ERROR: braces {} are necessary for all arms of this statement
#34: FILE: tools/virtiofsd/passthrough_ll.c:3457:
+ if (!reserve_elem)
[...]
ERROR: braces {} are necessary for all arms of this statement
#38: FILE: tools/virtiofsd/passthrough_ll.c:3461:
+ if (!root_elem)
[...]
total: 2 errors, 0 warnings, 21 lines checked
Patch 2/2 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/eeb2fd1d-a53d-eae6-4727-7f1a6b20ac9e@huawei.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
* Re: [PATCH 0/2] virtiofsd: fix some accessing NULL pointer problem
From: Haotian Li @ 2020-11-10 6:01 UTC (permalink / raw)
To: qemu-devel; +Cc: virtio-fs, linfeilong, liuzhiqiang26
Hi,
Thanks for your suggestion. We will fix the coding style
problems and resend new patches.
* [PATCH 1/2] tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func
2020-11-10 6:32 [PATCH v2 " Haotian Li
@ 2020-11-10 6:35 ` Haotian Li
0 siblings, 0 replies; 6+ messages in thread
From: Haotian Li @ 2020-11-10 6:35 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: linfeilong, liuzhiqiang26
In fuse_bufvec_advance func, calling fuse_bufvec_current func
may return NULL, so we should check whether buf is NULL before
using it.
Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
tools/virtiofsd/buffer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/virtiofsd/buffer.c b/tools/virtiofsd/buffer.c
index 27c1377f22..bdc608c221 100644
--- a/tools/virtiofsd/buffer.c
+++ b/tools/virtiofsd/buffer.c
@@ -246,6 +246,10 @@ static int fuse_bufvec_advance(struct fuse_bufvec *bufv, size_t len)
{
const struct fuse_buf *buf = fuse_bufvec_current(bufv);
+ if (!buf) {
+ return 0;
+ }
+
bufv->off += len;
assert(bufv->off <= buf->size);
if (bufv->off == buf->size) {
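Review bot: The `return 0;` on a NULL buf at the top of fuse_bufvec_advance is not justified by the commit message, which says fuse_bufvec_current may return NULL without naming the condition, and the hunk does not show how callers treat a 0 from this function. If NULL here means the caller has already run past the end of the vector, that is a caller bug and an assertion in the style of the existing `assert(bufv->off <= buf->size)` would surface it instead of hiding it; if it is a legitimate end-of-vector state, say so in a comment above the check.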
--